parser: Fix expansion of variables in the profile rules (!607) · Merge requests · AppArmor / apparmor

John Johansen requested to merge jjohansen/apparmor:unix-addr into master Sep 01, 2020

The parser is not handling variable expansion/rule conditionals correctly in some cases. Eg. NOT treating unix addr as a path and filtering slashes after variable expansion. This can lead to errors where

@{foo}=/a/ unix bind addr=@{foo}/bar,

will always fail because addr is being matched as /a//bar instead of /a/bar.

Note: this is a first pass and may not fix all cases. Eg. There is a known issue with profile names not being able to begin with a variable.

Signed-off-by: John Johansen john.johansen@canonical.com

nominated for 2.11-master

Edited Sep 09, 2020 by John Johansen

parser: Fix expansion of variables in the profile rules

Merge request reports